|April 15, 2013
Several weeks ago, privacy advocates, consumers associations, and technology companies all worked together during the Cyber Intelligence Sharing and Protection Act (CISPA) Week of Action to address the major privacy flaws in CISPA, H.B. 624. The week of action was a major success, with companies such as Craigslist and Firefox taking part and thousands of people contacting their representatives in Congress to express their concern around CISPA. However, the fight over CISPA is just beginning. Last week, CISPA passed out of the House Intelligence Committee by a vote of 18-2.
The sponsors of the bill, Representatives Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD), have maintained that there is no reason for concern, making inaccurate and misleading claims about the bill. They have argued that the bill does not contain overbroad provisions or definitions. Yet as EFF’s Mark Jaycox correctly notes:
The best example of a dangerous undefined term in the bill is found within the overly broad legal immunity for companies. The clause grants a company who acts in ‘good faith’ immunity for ‘any decisions made’ based off of the information it learns from the government or other companies. . . Companies should not be given carte blanche immunity to violate long-standing computer crime and privacy law. And it is notoriously hard to prove that a company acted in bad faith, in the few circumstances where you would actually find out your privacy had been violated.
The bill was marked up in a closed session on Thursday, April 10th, despite urgings from the privacy and civil liberties community to the contrary. BORDC, along with 40 other organizations, signed a letter urging an open and transparent markup. The closed markup begs the question: if the bill presents no privacy concerns, why not move it forward in a transparent and open way?